Cantaluppi and partners
Email
IT
i nostri servizi
PRIVACY POLICY

This privacy policy is updated to 23 May 2018.

In compliance with the obligations deriving from national legislation (Legislative Decree no. 196 of 30 June 2003, Personal Data Protection Code) and Community legislation (European Regulation for the protection of personal data no. 679/2016, GDPR) and subsequent amendments, this website respects and protects the confidentiality of visitors and users, making every possible and proportionate effort not to infringe USERS’ rights.

This privacy policy applies exclusively to the online activities of this website and is valid for visitors/users of the website. The purpose of the privacy policy is to provide utmost transparency on the information the website collects and how it uses it.


Legislation

This site processes data on the basis of consent. By using or consulting this site, visitors and users explicitly approve this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including possible disclosure to third parties if necessary for the provision of a service. The provision of data and therefore Consent to the collection and processing of data is optional, the User may deny consent, and may revoke consent already provided at any time (via the Contact link at the bottom of the page). However, denying consent may result in the inability to provide certain services and your browsing experience on the site may be impaired. As of 25 May 2018 (the date on which the GDPR entered into force), this site will process some of the data based on the legitimate interests of the data controller.


Data collected and purpose

This site uses log files in which information collected automatically during the users’ visits is stored. The information collected may be as follows:

  • internet protocol (IP) address;
  • browser type and parameters of the device used to connect to the site;
  • name of the internet service provider (ISP);
  • date and time of visit;
  • the visitor's source (referral) and exit web pages;
  • country of origin;
  • possibly the number of clicks.


Data and information are collected for the following purposes:

  • in a purely aggregate and anonymous form to verify the proper functioning of the site. None of this information is related to the individual person-user of the site, and it does not allow their identification in any way (as of 25 May 2018, this information will be processed according to the owner’s legitimate interests).
  • for security purposes (anti-spam filters, firewalls, virus detection), the automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with the relevant laws, to block attempts to damage the site itself or to cause damage to other users, or in any case harmful or criminal activities. This data is never used for user identification or profiling, nor cross-referenced with other data, nor provided to third parties, but only used for the purpose of protecting the site and its users (from 25 May 2018, this information will be processed according to the legitimate interests of the owner).

The data received will be used exclusively for the provision of the requested service and only for the time needed for the provision of the service. The information that users (of the site) choose to provide through the services and tools made available by the site is provided by the user knowingly and voluntarily, exempting this site from any liability for any breaches of law. It is up to the user to check that they have the permission to enter personal data of third parties or content protected by national and international regulations.

The data collected by the site during its operation are used exclusively for the aforementioned purposes and stored for the time strictly necessary to carry out the specified activities. In any case, the personal data collected by the site will never be provided to third parties, for any reason whatsoever, unless it is a legitimate request by a judicial authority and only in the cases outlined by law.


Data processing location

The data collected by the site are processed at the Data Controller's premises, and at the web hosting data centre which is responsible for data processing, on behalf of the Data Controller, that is in the European Economic Area and operates in accordance with European standards.


Transfer of data to non-EU countries

This site may share some of the data collected with services located outside the European Union. In particular with Google, and the Google Analytics service. Transfer is authorised on the basis of specific decisions of the European Union and the Guarantor For The Protection Of Personal Data, in particular the decision 1250/2016 (Privacy Shield - here is the information page of the Italian Data Protection Authority), therefore no further consent is required. Google guarantees its subscription to the Privacy Shield.


Security measures

This website processes user data lawfully and correctly, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. In addition to the Data Controller, the data may be accessed by categories of employees involved in the organization of the website (administrative, commercial, marketing, legal and system administrator personnel) or by external parties (such as third-party technical service providers, postal couriers and hosting providers).


User rights

Pursuant to/according to the European Regulation 679/2016 (GDPR) and Art. 7 of Legislative Decree no. 30 June 2003, no. 196 http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1311248, the User may, in accordance with the procedures and within the limits outlined by current legislation, exercise the following rights:

  • object in whole or in part, for legitimate reasons, to the processing of personal data concerning them for the purpose of sending advertising materials for direct sales material or for carrying out market research or commercial communication;
  • request confirmation of the existence of personal data concerning them (right of access);
  • know its origin;
  • receive intelligible communication be notified;
  • obtain information on the logic, methods and purposes of the processing;
  • request the updating, correction, integration, cancellation, transformation anonimously ban of data processed unlawfully, including those no longer necessary to achieve the purposes for which they were collected;
  • in the case of consent-based processing, to receive their data provided to the controller, in a structured, readable form and in a format commonly used by an electronic device at the only cost of any support;
  • the right to lodge a complaint against the supervisory authority (Privacy Protection Authority - link to the Protection Authority's page);
  • as well as, in wider terms, to exercise all the rights granted to them by the current legislations.

In the case that data are processed according to legitimate interests, the rights of data subjects are nevertheless guaranteed (except for the right to/of data portability which is not outlined in the regulations), in particular the right to object to THE processing which can be exercised by sending a request to the data controller. Requests must be addressed to the data controller.


Data controller

The data controller in accordance with legislation in force is the Legal Representative of the company, who can be contacted via the CONTACT US section.


Data processor

The provider of the web hosting service is appointed as data processor, processing the data on behalf of the data controller. This is located in the European Economic Area and acts in accordance with European standards.

Google is appointed as data processor, processing data on behalf of the owner (Google Analytics).